Windows Integration attempt #2
Douglas E. Engert
deengert at anl.gov
Thu Feb 8 14:17:15 EST 2007
Quanah Gibson-Mount wrote:
>
> --On Thursday, February 08, 2007 7:32 AM -0500 Sam Hartman
> <hartmans at mit.edu> wrote:
>
>>>>>>> "Quanah" == Quanah Gibson-Mount <quanah at stanford.edu> writes:
>> Quanah> --On Wednesday, February 07, 2007 5:07 PM -0500 Sam
>> Quanah> Hartman
>> Quanah> <hartmans at mit.edu> wrote:
>>
>> >> I would be suspicious of whether you had properly managed to
>> >> set your machine password.
>>
>> Quanah> Define "machine password". You mean the password used
>> Quanah> between the machine and the KDC for the keytab that was
>> Quanah> created? That bit is obviously working because when those
>> Quanah> don't match, the KDC logs an error, which it isn't doing.
>> Quanah> In any case, I had that particular password in my C&P
>> Quanah> buffer, and simple pasted it in for both the KDC and the
>> Quanah> windows box, so it would be particularly difficult for it
>> Quanah> to be a typo...
>>
>> If the salt types are inconsistent or something I could see the key
>> working to obtain tickets but not to decrypt them.
>
> Hm, interesting. Is there an easy way to diagnose that?
No, but Wireshark (formally called ethereal) runs on Linux or Windows
can show you a lot of the Kerberos packets. There is a lot of unencrypted
data in them which includes the salt returned in the AS_REP or KRB_ERROR
message in response to a kinit using a password.
So if you know what password you used to create the keytab,
and the salt you used, you could double check that the same salt was
used in both.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list